Chris Evans discovered that a specially crafted archive can trigger an infinete loop in bzip2, a high-quality block-sorting file compressor. During uncompression this results in an indefinitively growing output file which will finally fill up the disk and. On systems that automatically decompress bzip2 archives this can cause a denial of service.

For the oldstable distribution (woody) this problem has been fixed inversion 1.0.2-1.woody5.

For the stable distribution (sarge) this problem has been fixed inversion 1.0.2-7.

For the unstable distribution (sid) this problem has been fixed inversion 1.0.2-7.

We recommend that you upgrade your bzip2 package.

Upgrade Instructions- --------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below: